While first-generation security focused on finding and fixing known threats, McAfee's next-generation endpoint security is aimed at protecting business from known and unknown threats.
Past approaches tended to focus on devices, rely on blacklisting and use a static device policy, said Candace Worley, senior vice-president and general manager of endpoint security at McAfee.
“We believe endpoint security has to become more dynamic and context-aware,” she said, especially with the proliferation of mobile and other devices tied to corporate infrastructure.
All of these, said Worley, are potential avenues for attack. Organisations need to find effective ways of protecting the whole stack and getting visibility of all potential threats.
“Context becomes critically important with the diversity of devices connecting to the corporate network,” Worley said.
Because risk depends on who is trying to access what on what device at what time and from what location, organisations need to be able to apply security policy dynamically.
“McAfee is one of the few security suppliers that can enable this capability because of our range of endpoint security solutions combined with our global threat intelligence,” said Worley.
McAfee’s new endpoint products include user-centric dynamic whitelisting, secure containers for mobile devices, encrypted remote management and protection of master boot records (MBRs).
The company claims that third party testing against an industry standard sample malware set proved to be “highly successful” with 100% blocking of malware achieved in a test by West Coast Labs.
The latest version of Deep Defender adds the ability to recognise any threats designed to compromise the MBR, such as Shamoon.
In Endpoint Encryption for PC or Mac, the latest enhancements – developed with input from Intel and due for release in Q4 – have reduced overhead to near zero performance impact on solid state drives using Intel’s advanced encryption standard instructions (AES-NI) technology.
There is also integration with Intel’s active management technology (AMT). McAfee's ePO Deep Command allows for secure and remote management of powered-off or disabled devices.
“This enables automated power off and on for maintenance and power saving by handling all the encryption and authentication that previously required manual support,” said Worley.
In Application Control, enhancements take whitelisting beyond the desktop environment and give IT managers control over how a non-whitelisted application can be approved, she said, which means users can remain productive by downloading and install a new driver, for example, using an innovative approval process.
And finally, the latest version of Enterprise Mobility Manager supports Apple iOS6, integrates the newest version of McAfee Secure container for Android 2.0, and provides additional security and management for both mobile platforms.
“Each innovation contributes to the next generation of endpoint security and is part of McAfee’s strategy of making technologies increasingly context aware,” said Worley.
She believes hardware-assisted security will also become critical. “While 100% security is impossible to achieve, there are some types of threat that you will never catch using software alone,” she said.