As the purveyors of malware continue to get more sophisticated, the defense systems IT organizations need to put in place must rise to meet the challenge.
Speaking today at the McAfee Focus 2013 conference, McAfee President Michael DeCesare said the goal now is nothing less than to reinvent endpoint security.
To achieve that goal, McAfee today unveiled an endpoint-aware security information and event management (SIEM) solution and a threat defense appliance that are both tightly integrated with the McAfee Real Time endpoint security software. The goal is to be able to first identify and freeze security threats on the network, and then use McAfee Real Time software to remediate the problem.
DeCesare says not only is malware becoming more targeted, it’s also becoming more sophisticated. Malware is being written that knows when it’s residing in a sandbox. As a result, the malware will stay idle until the sandbox process stops running.
Those types of attacks, adds DeCesare, are now taking advantage of backdoors in mobile applications and the often weak security processes that providers of cloud services have put in place.
Complicating that issue, says DeCesare, is the fact that the line between personal and professional data is blurring, a situation that will only get more complex as new classes of wearable mobile devices gain in popularity.
What is required, says DeCesare, is not only multilevel authentication, but also a data communication highway through which security data is shared in a standard, scalable way using an architecture that spans both McAfee and third-party security products. This central nervous system for data security is necessary, says DeCesare, because point-to-point integration of security products using multiple application programming interfaces is unsustainable.
The data highway, which McAfee refers to as Security Connected, is the mechanism through which McAfee envisions security intelligence being proactively shared in a way that limits the amount of time a given organization is vulnerable to a particular threat. It may not be possible to eliminate all security threats, but as countermeasures become both more integrated and automated, the cost of launching an attack rises to the point where the number of entities that can afford to launch those attacks will finally start to decline.