Security in the face of increased cybercrime, huge compliance requirements and complex networks demands that all...
security products exchange intelligence, says security firm McAfee.
"The traditional approach to enterprise security simply doesn't work as it leaves security holes, is unmanageable and too costly," Dave DeWalt, McAfee CEO, said in a keynote at RSA Conference 2009 in San Francisco.
Instead, McAfee is proposing interconnected security technology that will enable real-time global threat intelligence in-the-cloud.
DeWalt said digital security should be like meteorology, which uses weather sensors all over the planet to gather information for analysis and distribution as weather forecasts.
Security technology in the future should be embedded everywhere, he said, with all these security sensors reporting threat data to a global threat intelligence system for analysis.
"Going beyond meteorology, the global threat intelligence system would then feed back data to the sensors to provide smarter security," said De Walt.
Reputation management, he said, is a key part of global threat intelligence, assigning reputation scores to internet hosts, senders, domains, URLs and messages based on behaviour.
As an example, DeWalt said intelligence from a spam e-mail can allow a threat intelligence system to update security protection across an enterprise.
"The firewall could block attacks from the IP address used to send the e-mail; a web gateway can blacklist the website advertised in the spam message; and antimalware protection can be alert on any potentially included pests," he said.
According to DeWalt, this vision for predictive security is already becoming a reality. McAfee plans to invest further in threat intelligence to boost protection to move from proactive to predictive security, he said.