Former McAfee CEO DeWalt: McAfee's Model Is 'Flawed'

Printer-friendly version Email this CRN article

Former McAfee CEO Dave DeWalt is criticizing his old company, calling its technology strategy an "outdated" and "flawed" approach to addressing advanced threats.

DeWalt now heads FireEye, the darling of Wall Street, where investors signaled they liked the vendor's security technology by valuing it above $400 million after the company's IPO debut in September. In an interview with CRN, DeWalt said his company's threat detection platform is appealing to businesses because its virtual engine is deployed in-line, giving it the ability to inspect suspicious files in outbound and inbound traffic and block threats when they are detected. By contrast, McAfee's strategy, called Security Connected, brings together point-products that use signature-based detection methods, DeWalt said.

"Essentially the entire component, or detection engine around Security Connected, was blacklisting, a signature-based solution that used their global threat intelligence cloud to share greylisted or blacklisted signatures," DeWalt said. "That model is pretty flawed, in my opinion now, for the next-generation threat. What we're doing at FireEye is really a next version of that."


[Related: 5 New Security Advances You Need To Check Out]

FireEye is more than 90 percent channel and will remain committed to working with partners first as part of its go-to-market strategy, said DeWalt. In a 2008 interview with CRN while at the helm of McAfee, DeWalt said "you are either a channel company or a direct company, you can't do both." He told CRN Friday that FireEye plans to rely on skilled solution providers to sell, deploy and maintain its virtual appliances, which are deployed on the network to detect email, Web, data storage and mobile threats.

"We're just using modern technology like virtual machines as opposed to older technology like antivirus," DeWalt said. "We built it for connectivity and collaboration across the fabric of the enterprise."

Solution providers said DeWalt's critical comments about signature-based technologies are not new. Early adopters of emerging advanced threat detection technologies like FireEye and McAfee, with its recent acquisition of Stonesoft, are being watched very closely, they told CRN. Businesses won't be replacing traditional endpoint security platforms in the near future, said Rob Delevan, national account manager at Salt Lake City-based reseller, Wasatch I.T. The latest endpoint security software provides moves beyond signature-based detection to include behavioral analysis, heuristics and other threat detection capabilities, Delevan said. The advice to clients is to deploy security in layers and stay away from standardizing on a single platform.

"You don't want to put your eggs all in one basket," Delevan said. "We haven't seen any real uptick in interest in advanced threat detection technologies, but we continually try to do best-of-breed solutions and we're monitoring emerging trends."

Michael Fey, executive vice president, general manager of corporate products, and chief technology officer for McAfee, told CRN that DeWalt's criticism of a signature-based approach to addressing threats is fair and something that the entire security industry is well aware of and addressing. McAfee has built out Security Connected with a variety of security defensive technologies, including file behavioral analysis, and is sharing more than known bad or good files, Fey said. The platform is much more robust, sharing compromise indicators, asset information, identity information and data flows.

"Our customers, including FireEye, have required integrations of their security portfolios for years and want more of it," Fey said. "What we've done is saw an opportunity to use new innovation to go from a periodic relationship with endpoints to one that is real-time to defend itself. That is an innovation that our customers are really excited by."

NEXT: FireEye Could Acquire Talent, Technology, Says DeWalt

Printer-friendly version Email this CRN article