Computer Crime Research Center


We have stopped 96% of all the attacks on Microsoft

Date: June 03, 2005
By: Jaikumar Vijayan

Despite earlier fears, Microsoft Corp.'s looming shadow in the security market appears to have done little to slow McAfee Inc., one of the few major pure-play vendors in the market. The company last month reported a healthy first quarter, its consumer business is booming, and Wall Street analysts appear to be bullish on the company's prospects, at least for the short term.

On the eve of McAfee's annual Analyst Day, company president Gene Hodges spoke about McAfee's enterprise strategy and its plans to bring new risk management and network access control products to market early next year.

What is McAfee's strategy in the enterprise market, and what can customers expect to see by way of new products going forward?

At the heart of our strategy has been a shift toward behavioral detection and intrusion prevention. Obviously, we are a company with a good pedigree in reacting to attacks with our antivirus software. But we saw several years ago that the threat profile and the speed of propagation would outstrip what most companies would be able to handle in terms of incident response times. So we shifted to an intrusion-prevention strategy.

At this point, we have about a year and a half of solid data seeing these products deployed typically in larger enterprises. I can use McAfee as an example. We have stopped 96% of all the attacks on Microsoft and zero-day vulnerabilities this year. By the time an attack would appear, we had some anomaly detection capability or something else in our products that detected the problem -- even though it had not been seen before. For operational approaches, this means that reactive patching can almost stop. In our infrastructure, we have deployed just one patch so far this year in a reactive mode. It means the policy shifts much more towards risk management and intrusion-prevention policy planning and away from reactiveness. We obviously don't think that classic antivirus signature technology is [made] obsolete by intrusion-prevention technology. But we think we have a new and better way.

So what role will signature-based tools play in future?

Signature-based tools at this point sharpen the edge of the knife, so that the false positive rate is very low. One of the most important things we have done is to take a host intrusion-prevention product that we acquired last year and embedded some of the core capability from that product into our standard antivirus scan software. Using a combination of behavior and signature [technologies] allows you to put down a very broad intrusion-prevention footprint that with previous-generation products would have been fairly onerous to manage.

What products will you offer in the risk management market?

You will see the first real marriage of our risk management technology (acquired from Foundstone) with our intrusion-prevention technology early in 2006 with network access control products. We are going to call it the McAfee policy enforcer, and it will consist of ... system software that does near real-time vulnerability analysis on managed devices, plus network scanners from the Foundstone product line. We will have a series that will work with a heterogeneous networking infrastructure, and we will also have a version that will work specifically with Cisco's Network Admission Control Phase 2.

So the first leg of the tripod in terms of proactive protection is to get customers to a safe state with intrusion-prevention technologies. The second leg is risk management. And the third leg is network access control. When we bring all three of those together and they are managed predominantly through one set of control, the customer has the ability to shift almost all of their work to the time of vulnerability announcement, not at attack time.

A lot has been made of Microsoft's proposed plans in the security market. Is the Microsoft threat to pure-play vendors such as McAfee overstated?

Microsoft will clearly be a significant competitor. But our belief is that they will be most effective in the consumer arena and specifically in the retail distribution channel. Microsoft is a mighty marketing machine, and they are especially effective in classic retail distribution. Luckily, our channel strategy is focusing on two areas where they have less muscle -- in PC OEMs and in service providers. OEMs have a tendency to want to be masters of their own fates. They see themselves as the kingpins at the center. From our perspective, they are, and we do specialized engineering and specialized marketing and branding with them. With service providers, there is a bit of a built-in friction with Microsoft, given that Microsoft is a competitor through MSN.

Microsoft, I think, will present a bar that we have to clear in terms of added value. I think large companies will listen seriously to what Microsoft is doing and realize they don't have the complete security picture yet.

But it's not just Microsoft. Sometimes it seems like almost every company and service provider wants to play in the security market. Is that causing you to revise your strategies?

This is a question we evaluate constantly, but we keep coming up with the same answer. We don't see meaningful synergies in terms of improving customer solutions through diversification. I think Symantec, as an example, is diversifying to get out of Microsoft's way. Their data integrity strategy will have some benefits to customers -- especially in the area of compliance. But in the broad sweep of protecting network intrusions, this was not a great leap forward. This is an intensely competitive industry, but the real competition is the hacker. If the hacker or virus writer beats us, our customers are not going to buy our products anyway. It is your effectiveness against the hacker that I believe is going to determine whether you win in this marketplace or not.

What does your acquisition of Wireless Security Corp. mean for customers?

It's an interesting acquisition in the wireless security field for consumer home networking that is focused on making the setting up of a wireless network a one-click experience. They are an early-stage company with small revenues. It's not a huge deal, but it's an interesting deal in terms of covering the network tone.