Global Intelligence Is Driving Holistic Security

He couldn’t talk about the impending acquisition by Intel, but McAfee’s EMEA president, Gert-Jan Schenk, was keen to talk about global intelligence

Intel moved one step closer to finalising its purchase of security firm McAfee last week, after the European Union gave its approval for the $7.68 billion (£4.81bn) acquisition.

In a statement, the European Commission – the antitrust arm of the EU – said the concessions made by Intel should ensure fair competition in the marketplace, and that the approval of the deal was conditional on Intel following through on those concessions.

The news has led to rumours that Intel is now developing an “IT security game-changer” that will reportedly stop zero-day security attacks.

“Right now, anti-malware depends on signatures, so if you haven’t seen the attack before, it goes right past you unnoticed,” Intel’s chief technology officer Justin Rattner told Computerworld. “We’ve found a new approach that stops the most virulent attacks. It will stop zero-day scenarios. Even if we’ve never seen it, we can stop it dead in its tracks.”

Global intelligence

When eWEEK Europe met with Gert-Jan Schenk, the new president of EMEA for McAfee, who joined the company from Juniper Networks last October, he was not able to comment on the acquisition, as it is not yet closed. However, he did tell us about McAfee’s Global Threat Intelligence (GTI) database, which he claims is at the heart of the company’s – and therefore possibly of Intel’s – long-term strategy.

“The best way to describe it is social media for security,” said Schenk. “It is a database that resides in the cloud, and we get about 4 billion queries a day from users that check all the time whether a website or a file is good or bad. Having that intelligence available in the cloud, to dynamically talk to our endpoints and the network, enables us to identify traffic patterns. If something malicious is going on, you can immediately start blocking that traffic at the endpoint.”

Schenk compared the GTI database to Twitter, in the sense that it can respond to events in real-time. “Look how fast news from Twitter is reaching the world,” he said. “That’s the same thing you want with a security attack – you want an instant response. You don’t want to wait until the next update is ready.”

The GTI database uses algorithms to identify and analyse traffic patterns, enabling security researchers to predict outbreaks and block the associated traffic streams or IP addresses. “It’s not about the boxes or devices, it’s all about the global intelligence that you’re gathering as a security company,” said Schenk.

“Our competitors talk to the different anti-virus programmes on the PCs, because that’s basically what all the AV companies are doing, but we also talk to the network, we talk to the firewalls and to the intrusion prevention systems. This allows us to nip it in the bud, because before a file comes into an organisation you block it at the entry point. That’s really the biggest differentiator.”