The Target breach was a wake-up call for the entire business world, showcasing that good enough security really isn’t good enough. That attack came in through a trust relationship with an outside vendor and did massive damage to Target’s brand and revenue. It also showcased that traditional security methods are simply inadequate for today’s risks. With today’s militarized malware, traditional IT security approaches will not respond fast enough to a penetration to effectively neutralize it.
After being acquired by Intel, McAfee had the opportunity to step back, and it realized that its old approach, shared by much of the industry, wasn’t able to keep up with today’s security demands. The company then developed the McAfee Threat Intelligence Exchange, which changes the network from the major part of the problem to the major part of the solution.
McAfee also realized that no company can do this alone. To fight this threat that is more often coming on the back of government-level funding, you need a national-level response. With this, the company moves from trying to just block an attack, which has proved less and less successful, to instant identification and response.
Prevention vs. Response
If you had to harden a building against any and all physical attacks, you’d eliminate the windows and doors first, harden the foundation and roof, and build the whole thing out of diamond panels. Even so, a focused attack on one small part over an extended period would still penetrate the structure, where you’d be found dead from the lack of air, food, and water. In other words, you can’t completely close off a network from the outside and even if you did, a long-term, concerted attack would eventually penetrate it. In the meantime, your business would likely fail as a result of the isolation.
Because current security methods focus on prevention, attack attempts are often not caught before they penetrate security. And because the systems are designed to prevent penetration rather than report it, catching a successful attack in a timely fashion has proven ineffective, as we saw with Target.
But let’s say you built a glass building and instead focused on amassing a fast response team and installing sensors for detecting illegal entry. With far less hardening, you’d be able to see an attack coming and could have resources in place to mitigate that attack before damage was done. The same thing goes for your network. If you instrument the network so that you are constantly monitoring for attacks, you can immediately apply the right tools to stop the attack before it does damage—particularly if you network with other sites that may identify this kind of attack first. Even if your network is penetrated, you have a far better chance to mitigate the damage, and the companies with which you are networked may avoid it altogether.
What lies at the core of this offering is a massive amount of automation technology, which identifies and analyzes an attack and then both alerts on it and starts moving to mitigate it in an instant. Administrators are immediately aware that an attack is in progress and that the system has moved to fight it, and they can take additional measures, like disconnecting or shutting down systems, based on what they see. Even if the attack spans multiple endpoints, the system can move to isolate them until an administrator can step in and figure out what else needs to be done. This automation is what provides the critical speed needed in an identification and mitigation product.
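The detect-share-isolate loop described above, as an added illustrative example (this is not McAfee code and does not model the Threat Intelligence Exchange's real protocol or APIs): endpoint events from several sites are checked against one shared reputation feed, known-bad indicators trigger immediate containment, an unknown indicator that spreads across several endpoints is contained pending administrator review, and a verdict published by one site's sandbox or analyst immediately protects every other site reading the feed. All sites, endpoint names, hashes and domains are constructed sample data, and the `spread_threshold` of three endpoints is an assumed policy value.

```python
"""
Added illustrative example (not McAfee code): a minimal detect-and-respond
loop driven by a shared indicator feed. All indicators, endpoints, sites and
the containment policy below are constructed for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

MALICIOUS, SUSPICIOUS, CLEAN, UNKNOWN = "malicious", "suspicious", "clean", "unknown"


@dataclass
class Event:
    """One endpoint observation: a process hash and, optionally, a contacted domain."""
    site: str
    endpoint: str
    file_hash: str
    domain: str = ""

    def indicators(self) -> List[str]:
        return [i for i in (self.file_hash, self.domain) if i]


@dataclass
class Exchange:
    """Shared state: the reputation feed plus the containment records of all sites."""
    feed: Dict[str, str]                                   # indicator -> verdict
    isolated: Set[str] = field(default_factory=set)        # "site/endpoint"
    alerts: List[str] = field(default_factory=list)
    sightings: Dict[str, Set[str]] = field(default_factory=dict)  # indicator -> endpoints
    spread_threshold: int = 3   # assumed policy: unknown seen on N endpoints -> contain

    def verdict(self, event: Event) -> str:
        """Worst verdict across the event's indicators; unseen indicators are unknown."""
        verdicts = [self.feed.get(i, UNKNOWN) for i in event.indicators()]
        for v in (MALICIOUS, SUSPICIOUS, UNKNOWN):
            if v in verdicts:
                return v
        return CLEAN

    def isolate(self, site: str, endpoint: str, reason: str) -> None:
        key = f"{site}/{endpoint}"
        if key not in self.isolated:
            self.isolated.add(key)
            self.alerts.append(f"ISOLATED {key}: {reason}")

    def publish(self, indicator: str, verdict: str) -> None:
        """A sandbox or analyst verdict flows back into the feed so every site benefits;
        endpoints that already ran a newly classified bad indicator are contained."""
        self.feed[indicator] = verdict
        if verdict in (MALICIOUS, SUSPICIOUS):
            for key in self.sightings.get(indicator, set()):
                site, endpoint = key.split("/", 1)
                self.isolate(site, endpoint, f"{indicator} reclassified {verdict}")

    def handle(self, event: Event) -> str:
        """Apply the feed to one event and return the action taken."""
        key = f"{event.site}/{event.endpoint}"
        for ind in event.indicators():
            self.sightings.setdefault(ind, set()).add(key)
        v = self.verdict(event)
        if v in (MALICIOUS, SUSPICIOUS):
            self.isolate(event.site, event.endpoint, f"{v} indicator in {event.indicators()}")
            return "isolated"
        if v == UNKNOWN:
            # An unknown indicator spreading across many endpoints is the
            # "attack across multiple endpoints" case: contain it pending admin review.
            for ind in event.indicators():
                seen = self.sightings[ind]
                if self.feed.get(ind, UNKNOWN) == UNKNOWN and len(seen) >= self.spread_threshold:
                    self.alerts.append(f"ADMIN REVIEW {ind}: seen on {len(seen)} endpoints")
                    self.publish(ind, SUSPICIOUS)   # isolates every endpoint that saw it
                    return "isolated"
            return "allowed-unknown"
        return "allowed"


def run_demo() -> Exchange:
    """Constructed scenario: three sites sharing one feed."""
    seed = {"sha256:feedbad01": MALICIOUS, "sha256:knowngood": CLEAN, "cdn.good.test": CLEAN}
    ex = Exchange(feed=dict(seed))
    ex.handle(Event("siteA", "ws01", "sha256:knowngood", "cdn.good.test"))  # allowed
    ex.handle(Event("siteA", "ws02", "sha256:feedbad01"))                  # isolated at once
    # A never-seen dropper shows up on three machines across two sites.
    ex.handle(Event("siteA", "ws03", "sha256:newdrop77", "c2.unknown.test"))
    ex.handle(Event("siteB", "ws10", "sha256:newdrop77", "c2.unknown.test"))
    ex.handle(Event("siteB", "ws11", "sha256:newdrop77", "c2.unknown.test"))  # third sighting: contain all
    # Site A's sandbox later confirms it; the feed update now protects site C instantly.
    ex.publish("sha256:newdrop77", MALICIOUS)
    ex.handle(Event("siteC", "ws20", "sha256:newdrop77"))                  # isolated
    return ex


if __name__ == "__main__":
    for line in run_demo().alerts:
        print(line)
```

The point of the scenario is the ordering: site C never analyzes the sample itself, yet its first sighting is contained immediately because another site's verdict reached the shared feed first. The prevalence rule deliberately publishes `suspicious` rather than `malicious`, so automation contains the spread while the final classification is left to the administrator or sandbox.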
Wrapping Up: Global Threat Needs Global Response
No company, no matter how large, can alone mitigate the kind of threats we are now seeing in the market. Militarized malware, malware markets (where this stuff is traded and sold legally in Eastern Europe) and ever more vulnerable and attractive digital targets make for a no-win scenario. The only possible response is one that can also pull from global resources, and that is what makes the McAfee Threat Intelligence Exchange work. It is global in scale and thus has the best chance of mitigating a national-level threat.