Former McAfee CEO DeWalt: McAfee's Model Is 'Flawed'

Former McAfee CEO Dave DeWalt is criticizing his old company, calling its technology strategy an "outdated" and "flawed" approach to addressing advanced threats.

DeWalt now heads FireEye, the darling of Wall Street, where investors signaled they liked the vendor's security technology by valuing it above $400 million after the company's IPO debut in September. In an interview with CRN, DeWalt said his company's threat detection platform is appealing to businesses because its virtual engine is deployed in-line, giving it the ability to inspect suspicious files in outbound and inbound traffic and block threats when they are detected. By contrast, McAfee's strategy, called Security Connected, brings together point-products that use signature-based detection methods, DeWalt said.

"Essentially the entire component, or detection engine around Security Connected, was blacklisting, a signature-based solution that used their global threat intelligence cloud to share greylisted or blacklisted signatures," DeWalt said. "That model is pretty flawed, in my opinion now, for the next-generation threat. What we're doing at FireEye is really a next version of that."

[Related: 5 New Security Advances You Need To Check Out ]

Sponsored post

FireEye is more than 90 percent channel and will remain committed to working with partners first as part of its go-to-market strategy, said DeWalt. In a 2008 interview with CRN while at the helm of McAfee, DeWalt said "you are either a channel company or a direct company, you can't do both." He told CRN Friday that FireEye plans to rely on skilled solution providers to sell, deploy and maintain its virtual appliances, which are deployed on the network to detect email, Web, data storage and mobile threats.

"We're just using modern technology like virtual machines as opposed to older technology like antivirus," DeWalt said. "We built it for connectivity and collaboration across the fabric of the enterprise."

Solution providers said DeWalt's critical comments about signature-based technologies are not new. Early adopters of emerging advanced threat detection technologies like FireEye and McAfee, with its recent acquisition of Stonesoft, are being watched very closely, they told CRN. Businesses won't be replacing traditional endpoint security platforms in the near future, said Rob Delevan, national account manager at Salt Lake City-based reseller, Wasatch I.T. The latest endpoint security software provides moves beyond signature-based detection to include behavioral analysis, heuristics and other threat detection capabilities, Delevan said. The advice to clients is to deploy security in layers and stay away from standardizing on a single platform.

"You don't want to put your eggs all in one basket," Delevan said. "We haven't seen any real uptick in interest in advanced threat detection technologies, but we continually try to do best-of-breed solutions and we're monitoring emerging trends."

Michael Fey, executive vice president, general manager of corporate products, and chief technology officer for McAfee, told CRN that DeWalt's criticism of a signature-based approach to addressing threats is fair and something that the entire security industry is well aware of and addressing. McAfee has built out Security Connected with a variety of security defensive technologies, including file behavioral analysis, and is sharing more than known bad or good files, Fey said. The platform is much more robust, sharing compromise indicators, asset information, identity information and data flows.

"Our customers, including FireEye, have required integrations of their security portfolios for years and want more of it," Fey said. "What we've done is saw an opportunity to use new innovation to go from a periodic relationship with endpoints to one that is real-time to defend itself. That is an innovation that our customers are really excited by."

NEXT: FireEye Could Acquire Talent, Technology, Says DeWalt

FireEye's DeWalt said he is layering into the company, a third-party technology ecosystem strategy he helped cultivate at McAfee. Much like McAfee's approach, the FireEye platform is open for third-party integration with technology partners, he said. DeWalt pointed out several vendors, including Infoblox, which introduced an adapter designed to pinpoint infected systems; Imperva, which sells a connector to quickly prevent database attacks; and other vendor connection points for automated incident response. The growing ecosystem is a sign of the security market embracing the technology, DeWalt said.

The company has $300 million in cash on hand to invest in a long-term strategy, and DeWalt said he is eyeing some small acquisitions to add talent and security capabilities into the platform. DeWalt said the company was also growing its development arm in India to build out appliances that can address security across a broader set of customers, beyond large enterprises. The approach, he said, allows FireEye to fuel growth quickly, investing heavily in marketing and sales as part of a "go-big, go-small and go-wide strategy."

"The idea is to build bigger and bigger appliances for the largest carriers and enterprises of the world but also build a very small form factor to go to the smallest businesses of the world and then go wide with the form factors and wide with the architecture. We are heavily building that and that is our development path," DeWalt said. "We'll use small tuck-in acquisitions here and there to continue to accelerate growth. It would be mostly to obtain talent or little pieces of technology that may further us along with our strategy, so we're not a big acquirer."

FireEye also has plans for additional investments in its channel program, DeWalt said. The company unveiled its Fuel Program earlier this year, and hired Steve Pataky, the industry veteran who architected Juniper Networks' Partner Advantage Program. The company is investing heavily in marketing, sales, training and certification programs. The two-tiered program consists of VARs and distributors. "Our entire approach to the market is to work with the channel," DeWalt said.