Intel Security CTO: Retail Breaches Can Be Eliminated

Intel Security CTO Mike Fey said his company may have the silver bullet that could greatly reduce the likelihood of more massive credit card breaches and be extended beyond retail to address other critical environments.

In an interview with CRN, Fey, who also serves as executive vice president and manager of corporate products at Intel Security (formerly McAfee), said the company has architected a design that addresses every layer of the retail payment environment with point-to-point encryption, locked-down payment systems and extensive monitoring using an agent to identify threats. The design also can be used to address security in manufacturing, control networks and other critical environments, Fey said.

"We can reduce the likelihood of a successful breach to zero," Fey said. "We are looking at the point-of-sale environment as a whole."

[Related: Retail Credit Card Breaches: Payment Industry Faces Long-standing Hurdles]

Sponsored post

Fey also is building out Threat Intelligence Exchange, a framework designed to link myriad endpoint devices and exchange information once a threat is detected to provide immediate protection. The framework requires Intel Security's virtualization infrastructure, its centralized management console and the endpoint protection.

"My goal is to sell protection long term and get out of product," Fey said. "I'm going to go to that midlevel company and tell them that 'I'm going to protect you cradle to grave, flat pricing and you are covered from end to end.'"

Partners tell CRN that the long line of high-profile retail breaches this year, beginning with retail giant Target and continuing to Neiman Marcus, Home Depot and others, has forced all organizations to review their security practices and consider raising their security posture.

It's still unclear whether the breaches result in a greater level of security spending, but there is certainly more awareness, said Trish Southwell, executive vice president of sales operations at Frederick, Md.-based solution provider and security consultancy Patriot Technologies, an Intel Security partner.

"The pervasiveness of the breaches in these public companies affects everybody on a regular basis and it's increased awareness, but I'm not convinced that it is driving business yet," Southwell said. "Everyone is looking at these big companies and saying that [SMBs] have less money and far fewer resources, and it doesn't mean that their data is less attractive to the hacker."

NEXT: Partners Should Make Smaller Deals, Says Fey

Integration is a key part of the portfolio, Fey said, but partners should focus on winning smaller deals because the likelihood that the customer will come back to evaluate another part of the platform is high -- as much as 80 percent -- by Intel Security's estimates. When margins are the key of the channel environment, it comes from the product itself but also the cost of the sale, Fey said. If partners drive the cost of the sale down and increase their touch they will increase their margins.

"Our portfolio was built to start as a building block. Whenever we win any particular bake-off with one area, the likelihood [that with] the next bake-off we have a competitive advantage is very clear," Fey said. "Once you decide to go with the Intel Security portfolio, they all feed each other so much information now that it is hard to compete as a niche security vendor out there when you go after one particular silo."

Intel Security is facing competition at the endpoint from Symantec, Trend Micro, Sophos and Kaspersky Lab. On the networking side, Fey has been introducing network security appliances.

Intel Security's next-generation firewall, an appliance integrated into its portfolio following its 2013 acquisition of Stonesoft, pits the company against Palo Alto Networks, Check Point Software Technologies, Cisco Systems, Dell SonicWall and Juniper. Fey also introduced Advanced Threat Defense, a breach-detection appliance that uses a sandbox to analyze suspicious files. The product is the company's answer to the interest in FireEye and other advanced threat-detection products coming to market, Fey said.

Fey said he believes a big part of incident response needs to be automated and insists that organizations begin to embrace automated response. It's a thorny issue among IT security professionals, who say the human element is needed to eliminate false positives and reduce disruption at the endpoint.

"Security without action is not security," Fey said. "The fact that there are network devices that let you know there is an issue but don't fix it is not security."

Fey and Intel Security Channel Chief Gavin Struthers addressed partners at the company's Focus Partner Alliance Summit in Las Vegas on Monday. Intel Security's top solution providers grew 20 percent in 2013, triple the market growth, and at the end of the third quarter those partners are on track to triple the average again in 2014, Struthers said, adding that there has been some missed opportunity. Struthers said Intel Security partners need to build out managed and professional services practices.

An Intel Security survey of its partner base found growth in new deals for the McAfee Enterprise Security Manager, the company's security information event management platform from its 2011 acquisition of NitroSecurity. Some of the deals were with service providers that ripped out competitor products to use the McAfee platform for threat analytics and incident response-based services for their clients, Struthers said.

Partners also said the McAfee Next Generation Firewall is seeing growth followed by McAfee Total Protection, the company's data loss prevention software from its 2008 acquisition of DLP specialist Reconnex.