Security in the face of increased cybercrime, huge compliance
requirements and complex networks demands that all security
products exchange intelligence, says security firm
McAfee.
"The traditional approach to enterprise security simply doesn't
work as it leaves security holes, is unmanageable and too costly,"
Dave DeWalt, McAfee CEO, said in a keynote at
RSA Conference 2009 in San Francisco.
Instead, McAfee is proposing interconnected security technology
that will enable real-time global threat intelligence
in-the-cloud.
DeWalt said digital security should be like meteorology, which
uses weather sensors all over the planet to gather information for
analysis and distribution as weather forecasts.
Security technology in the future should be embedded everywhere,
he said, with all these security sensors reporting threat data to a
global threat intelligence system for analysis.
"Going beyond meteorology, the global threat intelligence system
would then feed back data to the sensors to provide smarter
security," said De Walt.
Reputation management, he said, is a key part of global threat
intelligence, assigning reputation scores to internet hosts,
senders, domains, URLs and messages based on behaviour.
As an example, DeWalt said intelligence from a spam e-mail can
allow a threat intelligence system to update security protection
across an enterprise.
"The firewall could block attacks from the IP address used to
send the e-mail; a web gateway can blacklist the website advertised
in the spam message; and antimalware protection can be alert on any
potentially included pests," he said.
According to DeWalt, this vision for predictive security is
already becoming a reality. McAfee plans to invest further in
threat intelligence to boost protection to move from proactive to
predictive security, he said.